Question bout page calls

Steffel

I'd like to know if it's possible to check whether a php script is called from another php-script or only opened in the browser.
Is there a possibility to check this?

The reason
I got a script that sends a picture like:
<img src="http://myhost/sendpicture.php?picture_id=111">

but I don't want this script to run single in a browser.
How can I do this?

Weedpacket

$_SERVER['HTTP_REFERER'] may be your best shot. See the manual on predefined variables for details.

Steffel

thanks for your tipp, but it seems not to work
the variable is always empty
doens't matter if its another script or the browser calling

another chance?

Weedpacket

If you're using an older version of PHP (pre 4.1), then try $HTTP_SERVER_VARS['HTTP_REFERER'] or $HTTP_REFERER.

Note the decades-old spelling mistake, and be aware that it can't be 100% reliable, as the browser is not obligated to say where it got the URL from (though it should be doing better than 0% 🙂).

Weedpacket

Y'know, I may have misunderstood your question :o

I've been operating under the assumption that you were wanting http://myhost/sendpicture.php?picture_id=11 to be served only if it was requested via a line in a script-generated page, as opposed to being e.g. typed in by hand into the browser's address bar; the idea being to prevent the pictures' URLs from being passed around and bookmarked without requiring visitors to go through proper channels to get them.

Is this right, or am I sending you off in the wrong direction?

Steffel

you're right, but i think i got it now
with HTTP_REFERER it works

script:
if ($HTTP_REFERER != "")
{
$sql = "SELECT * FROM pictures WHERE id='$a'";
$result = mysql_query($sql,$db);
$image = "pictures/$myPicPath" . mysql_result($result,0,"source");
$fp = fopen($image,"r");
echo fpassthru($fp);
fclose($image);
}

script call:
<img src="script.php?a=23">

thx a lot
Steffel